OpenSSH with Mac Keychain
ccyang at unlv.edu
Wed Feb 7 07:04:04 UTC 2018
Thanks for the response.
I can attest that openssh+gsskex does not support keychain, because my port installation is openssh @7.6p1_2+gsskex+kerberos5+xauth.
This puts me in a dilemma. I need for one particular remote system the gsskex support, which was removed by Apple quite some time ago. That was why I started using macports’ version in the first place.
I guess the only thing I can do is to make a special alias for that remote system using the macports’ openssh, and use Apple’s version for all others. This is annoying that Apple is customizing its own ssh…
> On Feb 5, 2018, at 6:55 AM, Rainer Müller <raimue at macports.org> wrote:
> On 2018-01-31 21:28, Chao-Chin Yang wrote:
>> I can continue to log into the remote system without entering again the
>> passphrase. However, once I completely log out of my Mac and re-log
>> into my Mac, the terminal does not remember my passphrase anymore.
> As of macOS 10.12 Sierra, this is the intended behavior:
>> After googling around, it seems that the Mac native SSH has added a new
>> SSH keyword “UseKeychain”, while the MacPorts version does not have this
>> keyword and is having problem talking to Keychain. I cannot find any
>> solution to this.
>> Does anyone know any solution or is working on one?
> Unfortunately, the keychain support is a custom patch by Apple that is
> not in the upstream sources. The patch will only be applied when
> installing it with the +gsskex variant, however, I have not tested it
> Personally, I usually use /usr/bin/ssh because of the keychain
> integration, but I have the following lines in my ~/.ssh/config that
> stop /opt/local/bin/ssh from choking on the unknown options:
> IgnoreUnknown AddKeysToAgent,UseKeychain
> AddKeysToAgent yes
> UseKeychain yes
> Hope that helps,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the macports-users